Seven Steps to Take When You have A HIPAA Compliant
•Download as PPTX, PDF•
2 likes•768 views
Here I layout 7 steps to take when you have a breach, or suspect that you may have a breach, and how to mitigate these items.
Recommended
More Related Content
Recently uploaded
Recently uploaded (20)
Featured
Featured (20)
Seven Steps to Take When You have A HIPAA Compliant
- 1. 7 Steps To Take When You Have A HIPAA Complaint Jason Karn, Total HIPAA Compliance, LLC
- 2. What do you do when a client/patient contacts you about improper use of their PHI, and thinks they have a HIPAA Complaint? When You Receive a Complaint
- 3. ONE Open channels of communication • Listen closely to what the client/patient is saying, what the issue is, and what kind of resolution they are looking for. • Many times, listening can solve most of your problems, and will keep this person from filing a formal complaint with HHS.
- 4. TWO Document the complaint • Regardless of whether the person files a complaint with HHS, it’s important that you document what the issue was, when it occurred, and what information the person felt was released or used improperly.
- 5. THREE Determine how many clients are affected • If fewer than 500 people are affected, file a report with HHS within 60 days of the end of the calendar year. • Breaches of over 500 persons’ information need to be reported to HHS within 30 days of discovery, or from when you should have known there was a Breach. • These large Breaches also need to be reported to prominent local media outlets, and posted on your website.
- 6. FOUR Fix the problem • Sometimes this is easier said than done. (See Slide 1.) Once information has been released, it’s hard, if not impossible, to un-release it. • Update your records to reflect that you’ve identified the problem and made the necessary changes.
- 7. FIVE Reduce the impact • Many providers give harmed clients/patients free credit monitoring for a year to help mitigate any issues they might come up against.
- 8. SIX Review other similar situations • If you do find there was an issue with your policies or actions of your workforce, you should audit similar records to make sure this is a one-time incident and not the proverbial ‘canary in the coal mine’.
- 9. SEVEN Going forward • This client/patient may still wish to use your services after the complaint. By law, you are NOT allowed to retaliate in any way. • This may be uncomfortable for you and people in your agency/practice, but the reality is they might be doing you a favor by pointing out an error! • If the situation does become a major issue, you can suggest that the client/patient might be more comfortable with another provider, but you cannot force them to make this change.
- 10. Need help responding? TOTAL HIPAA COMPLIANCE info@totalhipaa.com 800.344.6381
- 11. Copyright notice from Jason Karn, Total HIPAA Compliance, LLC This work is licensed under a Creative Commons Attribution- NonCommercial-NoDerivs 3.0 Unported License. What does that mean? You may freely share this slide deck in its entirety with anyone. Splitting up the deck or charging for the copies is out of bounds. The original slide deck can be found at